DETAILED ACTION

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/27/10 
has been entered. 

2. Claims 1, 7, 9, 12-14, 16-17 and 20 have been amended. 

3. Claims 1-20 are pending. 

Response to Arguments 

4. Applicant's arguments filed on 01/27/10 have been considered but are moot in 
view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claims 1-6 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claim 1 recites "an apparatus" in the preamble, 
however, the body of the claim consists of a language that could be implemented as 
software only. Although the claim recites, a packet classifier, a queue coordinator, a 
buffer, none of them are implemented as a hardware structural component in the 
specification. Claim 1 is not a process occurring as a result of executing the software 
program, a machine programmed to operate in accordance with the software program, 
nor a manufacture structurally and functionally interconnected with the program in a 
manner which enables the software program to act as a computer component and 
realize its functionality. It is also clearly not directed to a composition of matter. Claim 1 
may all be reasonably implemented as software routines; therefore, claim 1 is rejected 
for failing to fall within a statutory category of invention and is rejected as non-statutory 
under 35 USC 101. Dependent claims 2-6 do not cure the deficiencies of the 
independent claim and therefore are also rejected for the same reason set forth above. 

7. Claims 7-20 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. While the claims recite a series of steps or acts 
to be performed, a statutory "process" under 35 U.S.C. 101 must (1) be tied to particular 
machine, or (2) transform underlying subject matter (such as an article or material) to a 
different state or thing. See page 10 of In Re Bilski 88 USPQ2d 1385. The instant 
claims are neither positively tied to a particular machine that accomplishes the claimed 
method steps nor transform underlying subject matter, and therefore do not qualify as a 
statutory process. In this case, method claim 7 neither transforms the claimed subject 
matter to a different state or thing nor is tied to any computer or apparatus. 
Therefore, method claim 1 is rejected under 35 USC 101 for directing toward a mental 
step and being tied to a computer or any other apparatus. Dependent claims 8-20 do 
not cure the deficiencies of the independent claim, therefore, are also rejected for the 
same reason set forth above. 

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1. Claims 1-2 and 5-8 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Moran et al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter 
Maher) US 7,058,974 and in view of Kargl et al. (hereinafter Kargl) "Protecting Web 
Servers from Distributed Denial of Service Attacks", pages 514-524, 2001. 

As per claim 1: 

Moran teaches an apparatus to be connected between a network access unit 
and a network to be protected, for protecting legitimate traffic from DoS (denial of 
service) and DDoS (distributed denial of service) attacks, said apparatus comprising: 
a high-priority queue; (figure 40; col. 46, lines 55-58; a high priority queue) 
a low-priority queue; (figure 40; col. 46, lines 55-58; a low priority queue) 
a queue information table having, for each specific STT (source-based traffic 
trunk), a service queue for a specific packet having the specific STT, wherein the 
service queue is the high-priority queue or the low-priority queue; (col. 27, lines 15-17; a 
priority filter table (CAM), which contains information to the priority flows e.g. address 
pairs, etc.) 

a packet classifier for receiving a packet from the network access unit, searching 
the queue information table for a service queue associated with an STT of the received 
packet, selectively transferring the received packet to the high-priority queue or the low-priority 
queue in accordance with the service queue; (col. 46, lines 53-57; the flows are 
prioritized into high and low priority flows. High priority flows are stored in high-priority 
queue while low priority flows are stored in low-priority queues) 

a queue coordinator for receiving information on the received packet from the 
packet classifier; (col. 27, lines 61-67; col. 45, line 32- col. 46, line 56) 

a buffer for buffering outputs of the high-priority queue and the low-priority queue 
and providing buffered outputs to the network to be protected, (col. 2, line 15; flow 
processor filters and buffers the collected data; col. 30, lines 30-32; the buffer space for 
each queue varies dynamically based on the arrival of classified packet; col. 46, lines 
61-62; buffers from low-priority queue can be reallocated to the high-priority queue) 

Moran does not explicitly disclose updating the service queue associated with the 
STT of the received packet in the queue information table based on a load of the STT of 
the received packet. Maher in analogous art, however, discloses updating the service 
queue associated with the STT of the received packet in the queue information table 
based on a load of the STT of the received packet, (col. 3, lines 7-34; col. 6, line 11-67; 
col. 7, line 54-col. 8, line 58; col. 11, line 28-col. 12, line 28) Therefore, it would have 
been obvious to one ordinary skill in the art at the time the invention was made to 
modify the system disclosed by Moran with Maher in order to assign data packets 
associated with a non-validated traffic flow to a low priority queue thereby preventing 
brute type denial of service attacks designed to clog networks. (Abstract; Maher) 

Both references do not explicitly disclose previous load information stored in the 
queue information table in association with the STT of the received packet. Kargl in 
analogous art, however, discloses previous load information stored in the queue 
information table in association with the STT of the received packet. (3. Protection From 
DDOS) Therefore, it would have been obvious to one ordinary skill in the art at the time 
the invention was made to modify the system disclosed by Moran and Maher with Kargl 
in order to provide a DDoS protection environment that consists of servers that are 
accessed via a load balancing tool. (3.2; Kargl) 

As per claim 2: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the network to be 
protected comprises a server, (col. 4, lines 36; server) 

As per claim 5: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein a maximum load of both 
the high-priority queue and the low-priority queue is set to be a maximum allowable load 
of the network to be protected, (col. 46, lines 61-62; buffers from low-priority queue can 
be reallocated to the high-priority queue) 

As per claim 6: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the network to be 
protected comprises a server, (col. 4, lines 36; server) 

As per claim 7: 

Moran teaches a method of protecting legitimate traffic from DoS (denial of 
service) and DDoS (distributed denial of service) attacks, by way of an apparatus which 
is connected between a network access unit and a network to be protected and which 
includes: a queue information table having, for each specific STT (source-based traffic 
trunk), a service queue for a specific packet having the specific STT, wherein the 
service queue is a high-priority queue or a low-priority queue, a queue coordinator, and 
a packet classifier, the method comprising the steps of: 

(a) obtaining, by the packet classifier, an STT (STT R) of a packet received from 
the network access unit based on a source IP address of the received packet; (col. 27, 
lines 15-17; a priority filter table (CAM), which contains information to the priority flows 
e.g. address pairs, etc; col. 73, lines 26-28; only packets that match a specific set of 
MAC addresses (source or destination) may be included. Additionally, only packets that 
include a specific VLAN Group can be included) 

(b) searching, by the packet classifier, the queue information table for the service 
queue corresponding to the STT R and checking, by the packet classifier, whether the 
service queue is the high-priority queue or the low-priority queue; (figure 40; col. 46, 
lines 55-58; a low priority queue) 

(c) transferring, by the packet classifier, the received packet to the high-priority 
queue if the service queue is the high-priority queue in the step (b); (figure 40; col. 46, 
lines 55-58; a high priority queue) 

(d) transferring, by the packet classifier, the received packet to the low-priority 
queue if the service queue is the low-priority queue in the step (b); (col. 46, lines 53-57; 
the flows are prioritized into high and low priority flows. High priority flows are stored in 
high-priority queue while low priority flows are stored in low-priority queues) and 

(e) transferring, by the packet classifier, packet information on the received 
packet to the queue coordinator; and (col. 27, lines 61-67; the flow processor to give a 
set of priority to a set of flows that contain a provisional (or other) address pairs 
corresponding to packets of interest) 

Moran does not explicitly disclose updating, by the queue coordinator and based 
on a load of STT R, the service queue associated with STT R in the queue information 
table. Maher in analogous art, however, discloses updating, by the queue coordinator 
and based on a load of STT R, the service queue associated with STT R in the queue 
information table, (col. 3, lines 7-34; col. 6, line 11-67; col. 7, line 54-col. 8, line 58; col. 
11, line 28-col. 12, line 28) Therefore, it would have been obvious to one ordinary skill in 
the art at the time the invention was made to modify the system disclosed by Moran with 
Maher in order to assign data packets associated with a non-validated traffic flow to a 
low priority queue thereby preventing brute type denial of service attacks designed to 
clog networks. (Abstract; Maher) 

Both references do not explicitly disclose previous load information stored in the 
queue information table in association with the STT of the received packet. Kargl in 
analogous art, however, discloses previous load information stored in the queue 
information table in association with the STT of the received packet. (3. Protection From 
DDOS) Therefore, it would have been obvious to one ordinary skill in the art at the time 
the invention was made to modify the system disclosed by Moran and Maher with Kargl 
in order to provide a DDoS protection environment that consists of servers that are 
accessed via a load balancing tool. (3.2; Kargl) 
As per claim 8: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the network to be 
protected comprises a server, (col. 4, lines 36; server) 

2. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Kargl et al. (hereinafter Kargl) "Protecting Web Servers from 
Distributed Denial of Service Attacks", pages 514-524, 2001 and in view of Bremler-Barr 
et al. (hereinafter Bremler-Barr) US 2003/0076848. 
As per claim 3: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the information on the 
received packet includes a packet size and an index of the queue information table for 
representing STT information of the packet (col. 27, lines 15-17; a priority filter table 
(CAM), which contains information to the priority flows e.g. address pairs, etc.). Both 
references do not explicitly disclose information includes a packet arrival time. Bremler-Barr 
in analogous art, however, discloses information includes a packet arrival time 
(page 5, paragraph [101]; arrival times of the packet). Therefore it would have been 
obvious to one ordinary skill in the art at the time the invention was made to modify the 
system disclosed by Moran, Maher and Kargl with Bremler-Barr in order to determine 
the next packet service completion time (paragraph [101]; Bremler-Barr). 
3. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Kargl et al. (hereinafter Kargl) "Protecting Web Servers from 
Distributed Denial of Service Attacks", pages 514-524, 2001 and in view of Dobson US 
6,650,643. 
As per claim 4: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran teaches wherein the queue information table has 
fields including an STT ID, a service queue (col. 27, lines 15-17; a priority filter table 
(CAM), which contains information to the priority flows e.g. address pairs, etc; col. 73, 
lines 26-28; only packets that match a specific set of MAC addresses (source or 
destination) may be included. Additionally, only packets that include a specific VLAN 
Group can be included). None of the references explicitly disclose wherein the queue 
information table has an average load, a recent load calculation time and a total packet 
size. Dobson in analogous art, however, discloses wherein the queue information table 
has an average load, a recent load calculation time and a total packet size (col. 6, lines 
17-31; after calculating the current load, the load integrator calculates the average load 
at a pre-defined interval). Therefore it would have been obvious to one ordinary skill in 
the art at the time the invention was made to modify the system disclosed by Moran, 
Maher and Kargl with Dobson in order to calculate current load and an average load for 
the processor based on the result from the load calculator performing the load calculator 
task (col. 4, lines 36-37; Dobson). 

4. Claims 9-11, 14 and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Moran et al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. 
(hereinafter Maher) US 7,058,974 and in view of Kargl et al. (hereinafter Kargl) 
"Protecting Web Servers from Distributed Denial of Service Attacks", pages 514-524, 
2001 and in view of Dobson US 6,650,643. 
As per claims 9 and 16: 

The combination of Moran, Maher and Kargl teaches all the subject matter as 
discussed above. In addition, Moran further discloses (a') calculating an average load of 
an STT based on the packet information transferred from the packet classifier; (col. 30, 
lines 30-67; to manage aggregate packet rate and avoid dropped packets, the expert 
task monitors the average depth of the priority queue and may selectively discard flows 
from the priority filter) (b') selectively resetting the service queue associated with STT 
depending on the calculated average load of the STT; (col. 30, lines 30-67; the buffer 
space for each queue varies dynamically based on the arrival of a classified packet that 
meet the priority criteria and as the number of flows increases, buffers are reallocated. 
To manage aggregate packet rate and avoid dropped packets, the expert task monitors 
the average depth of the priority queue and may selectively discard flows from the 
priority filter) (c') calculating an average load of the high-priority queue; (col. 46, lines 
60-62; Buffers from both the high and low priority queue can be reallocated if the 
amount of data surpasses a predetermined threshold.) None of the references explicitly 
disclose resetting a certain STT service queue based on the calculated average load of 
the high priority queue; and storing the reset STT information in the queue information 
table. Dobson in analogous art, however, discloses (d') selectively resetting a service 
queue associated with a certain STT depending on the calculated average load of the 
high-priority queue; (col. 8, lines 57-64; the load integrator issues a re-start instruction to 
the load calculator in order to determine the next current load) and (e') storing the 
selectively reset service queue in the queue information table, (col. 8, lines 61-64; the 
load integrator may calculate and store a current load and an average load for the 
processor) Therefore it would have been obvious to one ordinary skill in the art at the 
time the invention was made to modify the system disclosed by Moran, Maher and Kargl 
with Dobson in order to calculate current load and an average load for the processor 
based on the result from the load calculator performing the load calculator task (col. 4, 
lines 36-37; Dobson). 
As per claim 10: 

The combination of Moran, Maher, Kargl and Dobson teaches all the subject 
matter as discussed above. In addition, Dobson further discloses storing a modified 
average load in the queue information table, (col. 8, lines 61-64; the load integrator may 
calculate and store a current load and an average load for the processor) 
As per claim 11: 

The combination of Moran, Maher, Kargl and Dobson teaches all the subject 
matter as discussed above. In addition, Dobson further discloses wherein the step (a') 
further includes the steps of: (a'1) calculating a total packet size based on the packet 
information transferred from the packet classifier; (col. 6, lines 17-31; after calculating 
the current load, the load integrator calculates the average load at a pre-defined 
interval) (a'2) checking whether it is time to recalculate the average load; (col. 6, lines 
17-31; after calculating the current load, the load integrator calculates the average load 
at a pre-defined interval) (a'3) if it is time to recalculate the average load in the step (a'2), 
calculating a new average load by using a previous average load and a current average 
load based on the total packet size, and proceeding to step (b'); (col. 8, lines 50-64; the 
load integrator discards the oldest prior load and stores the current load, ...the load 
calculator calculates the average load) and (a'4) if it is not time to recalculate the 
average load, proceeding to step (b'). (col. 8, lines 57-64; the load integrator issues a 
re-start instruction to the load calculator in order to determine the next current load) 
As per claim 14: 

The combination of Moran, Maher, Kargl and Dobson teaches all the subject 
matter as discussed above. In addition, Dobson further discloses wherein the step (c') 
further includes the steps of: (c'1) determining whether the service queue associated 
with STTr after the selective resetting in step (b') is the high-priority queue or the low-priority 
queue; (col. 6, lines 17-31; after calculating the current load, the load integrator 
calculates the average load at a pre-defined interval) (c'2) calculating a total packet size 
served through a high-priority queue associated with STTr is the high-priority queue; 
(col. 6, lines 17-31; after calculating the current load, the load integrator calculates the 
average load at a pre-defined interval) (c'3) calculating an average load of a high-priority 
queue if it is time to recalculate the average load of the high-priority queue; and (col. 8, 
lines 50-64; the load integrator discards the oldest prior load and stores the current 
load, ...the load calculator calculates the average load) (c'4) proceeding to the step (d'). 
(col. 8, lines 57-64; the load integrator issues a re-start instruction to the load calculator 
in order to determine the next current load) 

5. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Maher, III et al. (hereinafter Maher) US 
7,058,974 and in view of Kargl et al. (hereinafter Kargl) "Protecting Web Servers from 
Distributed Denial of Service Attacks", pages 514-524, 2001 and in view of Dobson US 
6,650,643 and in view of Bremler-Barr et al. (hereinafter Bremler-Barr) US 
2003/0076848. 

As per claim 12: 

The combination of Moran, Maher, Kargl and Dobson teaches all the subject 
matter as discussed above. In addition, Moran further discloses wherein the packet 
information includes a packet size and a queue information table index and a 
corresponding STT. (col. 27, lines 15-17; a priority filter table (CAM), which contains 
information to the priority flows e.g. address pairs, etc.). None of the references 
explicitly disclose information includes a packet arrival time. Bremler-Barr in analogous 
art, however, discloses information includes a packet arrival time (page 5, pp. 101; 
arrival times of the packet). Therefore it would have been obvious to one ordinary skill in 
the art at the time the invention was made to modify the system disclosed by Moran, 
Maher, Kargl and Dobson with Bremler-Barr in order to determine the next packet 
service completion time (paragraph [101]; Bremler-Barr). 



Allowable Subject Matter 

6. Claims 13, 15 and 17-20 are objected to as being dependent upon a rejected 
base claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Shewaye Gelagay/ 
Examiner, Art Unit 2437 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



